Skip to main content

Full Domain Functional Bootstrapping with Least Significant Bit Encoding

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14526))

Included in the following conference series:

  • 410 Accesses

Abstract

Functional bootstrapping (FBS) is a powerful technique that evaluates a look-up table (LUT) while refreshing an LWE ciphertext in FHEW and TFHE schemes. However, the LUT evaluation over the message space is constrained by negacyclicity, which affects the practical application of functional bootstrapping. Existing methods require multiple FBS and some homomorphic operations to address this issue, which results in inferior performance compared with the original functional bootstrapping.

In this paper, we utilize the variant least significant bit (LSB) encoding method to efficiently achieve the full domain functional bootstrapping for message space in FHEW-like schemes. Specifically, the message space \(\mathbb {Z}_t\) is embedded into the encoding space \(\mathbb {Z}_{N}\) by setting the most significant bit of noise to zero. As a result, the encoding space is equal to the domain of the LUT and our functional bootstrapping can evaluate arbitrary functions. In addition, our technique can be applied to multi-value bootstrapping and tree-based bootstrapping. Thus, these algorithms only need one FBS to achieve the full domain property.

Finally, we implement our full domain functional bootstrapping in the OpenFHE cryptography library. Experiments demonstrate that up to 2 \(\times \) performance improvement is achieved compared with the state-of-the-art work [27].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Albrecht, M., et al.: Homomorphic encryption security standard. Homomorphic Encryption. org, Toronto, Canada, Technical Report 11 (2018)

    Google Scholar 

  2. Alperin-Sheriff, J., Peikert, C.: Practical bootstrapping in quasilinear time. In: Canetti, R., Garay, J.A. (eds.) Annual Cryptology Conference, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_1

  3. Bonte, C., Iliashenko, I., Park, J., Pereira, H.V., Smart, N.P.: Final: faster FHE instantiated with NTRU and LWE. Cryptology ePrint Archive (2022)

    Google Scholar 

  4. Boura, C., Gama, N., Georgieva, M., Jetchev, D.: Simulating homomorphic evaluation of deep learning predictions. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) International Symposium on Cyber Security Cryptography and Machine Learning, pp. 212–230. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-20951-3_20

  5. Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) Annual Cryptology Conference, pp. 868–886. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_50

  6. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory (TOCT) 6(3), 1–36 (2014)

    Article  MathSciNet  Google Scholar 

  7. Carpov, S., Izabachène, M., Mollimard, V.: New techniques for multi-value input homomorphic evaluation and applications. In: Matsui, M. (ed.) Cryptographers’ Track at the RSA Conference, pp. 106–126. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-12612-4_6

  8. Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: Bootstrapping for approximate homomorphic encryption. In: Nielsen, J., Rijmen, V. (eds.) Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 360–384. Springer (2018). https://doi.org/10.1007/978-3-319-78381-9_14

  9. Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 409–437. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70694-8_15

  10. Chillotti, I., Gama, N., Georgieva, M., Izabachene, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J., Takagi, T. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 3–33. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_1

  11. Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34–91 (2020)

    Article  MathSciNet  Google Scholar 

  12. Chillotti, I., Joye, M., Paillier, P.: Programmable bootstrapping enables efficient homomorphic inference of deep neural networks. In: Dolev, S., Margalit, O., Pinkas, B., Schwarzmann, A. (eds.) International Symposium on Cyber Security Cryptography and Machine Learning, pp. 1–19. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-78086-9_1

  13. Chillotti, I., Ligier, D., Orfila, J.B., Tap, S.: Improved programmable bootstrapping with larger precision and efficient arithmetic circuits for TFHE. In: Tibouchi, M., Wang, H. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 670–699. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-92078-4_23

  14. Clet, P.E., Zuber, M., Boudguiga, A., Sirdey, R., Gouy-Pailler, C.: Putting up the swiss army knife of homomorphic calculations by means of tfhe functional bootstrapping. Cryptology ePrint Archive (2022)

    Google Scholar 

  15. Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology - EUROCRYPT 2015–34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 26–30 April 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_24

  16. Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive (2012)

    Google Scholar 

  17. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169–178 (2009)

    Google Scholar 

  18. Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) Annual Cryptology Conference, pp. 75–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_5

  19. Guimarães, A., Borin, E., Aranha, D.F.: Revisiting the functional bootstrap in TFHE. IACR Trans. Cryptogr. Hardware Embed. Syst. 229–253 (2021)

    Google Scholar 

  20. Guimarães, A., Borin, E., Aranha, D.F.: Mosfhet: optimized software for FHE over the torus. Cryptology ePrint Archive (2022)

    Google Scholar 

  21. Halevi, S., Shoup, V.: Algorithms in helib. In: Garay, J.A., Gennaro, R. (eds.) Annual Cryptology Conference, pp. 554–571. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_31

  22. Halevi, S., Shoup, V.: Design and implementation of helib: a homomorphic encryption library. Cryptology ePrint Archive (2020)

    Google Scholar 

  23. Halevi, S., Shoup, V.: Bootstrapping for helib. J. Cryptol. 34 (2021). https://doi.org/10.1007/s00145-020-09368-7

  24. Joye, M., Walter, M.: Liberating TFHE: programmable bootstrapping with general quotient polynomials. Cryptology ePrint Archive, Paper 2022/1177 (2022). https://eprint.iacr.org/2022/1177

  25. Kim, A., Polyakov, Y., Zucca, V.: Revisiting homomorphic encryption schemes for finite fields. In: Tibouchi, M., Wang, H. (eds.) International Conference on the Theory and Application of Cryptology and Information Security. pp. 608–639. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-92078-4_21

  26. Kluczniak, K., Schild, L.: FDFB: full domain functional bootstrapping towards practical fully homomorphic encryption. IACR Trans. Cryptogr. Hardware Embed. Syst. 2023(1), 501–537 (2022). https://doi.org/10.46586/tches.v2023.i1.501-537

  27. Liu, Z., Micciancio, D., Polyakov, Y.: Large-precision homomorphic sign evaluation using FHEW/TFHE bootstrapping. In: Agrawal, S., Lin, D. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 130–160. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22966-4_5

  28. Micciancio, D., Polyakov, Y.: Bootstrapping in FHEW-like cryptosystems. In: Proceedings of the 9th on Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 17–28 (2021)

    Google Scholar 

  29. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009)

    Article  MathSciNet  Google Scholar 

  30. Yang, Z., Xie, X., Shen, H., Chen, S., Zhou, J.: TOTA: fully homomorphic encryption with smaller parameters and stronger security. Cryptology ePrint Archive (2021)

    Google Scholar 

Download references

Acknowledgments

We are grateful for the helpful comments from the anonymous reviewers of Inscrypt 2023. This work was supported by CAS Project for Young Scientists in Basic Research (Grant No. YSBR-035).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Xianhui Lu .

Editor information

Editors and Affiliations

A Algorithms of functions presented in Section 2.4

A Algorithms of functions presented in Section 2.4

1.1 A.1 Correctness of the Key Switching

Lemma 1

Input an LWE ciphertext \(\textsf{ct} = \textsf{LWE}_{\textbf{z}}^N(m) \) with error variance \(\textsf{Var}(e)\), and the switching keys \(\textsf{ksk}_{i, j, v}\) with error variance \(\textsf{Var}(e_{\textsf{ksk}})\), the key switching algorithm outputs a new LWE ciphertext \(\textsf{ct}^{{\prime }} =\textsf{KeySwitch}_{\textbf{z} \rightarrow \textbf{s}}(\textsf{ct})\) with error variance \(\textsf{Var}(e^{\prime })\).

Proof

Let \(\textsf{ksk}_{i, j, v}=(\textbf{a}^{\prime }_{i, j, v},\textbf{a}^{\prime }_{i, j, v}\cdot \textbf{s}+v z_{i} B_{ks}^{j}+e_{i, j, v})\) for some \(\textbf{a}^{\prime }_{i, j, v} \in \mathbb {Z}_q^n\) and \(e_{i, j, v} \in \chi _{\delta }\), the output ciphertext is

$$\begin{aligned} \begin{aligned} \textsf{ct}^{{\prime }} &=\textsf{KeySwitch}_{\textbf{z} \rightarrow \textbf{s}}(\textsf{ct}) \\ &=(\textbf{0}, b)-\sum _{i, j} \textsf{ksk}_{i, j, a_{i, j}} \\ &=(\textbf{a}^{\prime },b^{\prime })\bmod q \in \textsf{LWE}_{\textbf{s}}^n(m), \end{aligned} \end{aligned}$$

where \(\textbf{a}^{\prime } = -\sum _{i, j} \textbf{a}^{\prime }_{i, j, a_{i, j}}\) and \(b^{\prime } = b-\textbf{a}\cdot \textbf{z}+\textbf{a}^{\prime } \cdot \textbf{s} - \sum _{i, j}e_{i, j, a_{i, j}}\). According to Theorem 6 of [15], the variance of the noise satisfies \(\textsf{Var}(e^{'}) \le \textsf{Var}(e)+Nd_{ks}\cdot \textsf{Var}(e_{\textsf{ksk}})\).

1.2 A.2 Correctness of the Modulus Switching

Lemma 2

Input an LWE ciphertext \(\textsf{ct} = (\textbf{a},b) \in \textsf{LWE}_{\textbf{s}}^n(m)\) with error variance \(\textsf{Var}(e)\) modulo Q, the modulus switching algorithm outputs a new LWE ciphertext \(\textsf{ct}^{\prime } =\textsf{ModSwitch}_{Q \rightarrow q}(\textsf{ct})\) with error variance \(\textsf{Var}(e^{\prime })\) modulo q.

Proof

Let the integers \(Q> q> t\) and \(Q \equiv 1 \bmod t,q \equiv 1 \bmod t\), the output ciphertext is

$$\begin{aligned} \begin{aligned} \textsf{ct}^{{\prime }} &=\textsf{ModSwitch}_{Q \rightarrow q}(\textsf{ct}) \\ &=(\lfloor \frac{q}{Q}\cdot \textbf{a} \rceil ,\lfloor \frac{q}{Q}\cdot b \rceil )\\ &=(\textbf{a}^{\prime },b^{\prime })\in \mathbb {Z}_q^{n+1}, \end{aligned} \end{aligned}$$

and satisfies the requirement that \(a_i^{\prime } \equiv a_i \bmod t, b^{\prime } \equiv b \bmod t\). It is straightforward to conclude that \(b+\left\langle \textbf{a},\textbf{s} \right\rangle \bmod Q \bmod t = b^{\prime }+\left\langle \textbf{a}^{\prime },\textbf{s} \right\rangle \bmod q \bmod t\) according to Lemma 5 of [6], and the variance of noise satisfies \(\textsf{Var}(e^{\prime }) \le (\frac{q}{Q})^2\cdot \textsf{Var}(e)+ \frac{t}{2}\cdot ||\textbf{s}||_2^2\).

1.3 A.3 Correctness of the Encoding Transformation

Lemma 3

Input an LWE ciphertext \(\textsf{ct} \in \mathsf {MSB.LWE}^n _\textbf{s}(m)\) with error variance \(\textsf{Var}(e)\), the encoding transformation algorithm outputs a new LWE ciphertext \(\textsf{ct}^{\prime } =\mathsf {EncodeTrans(ct)} \in \mathsf {LSB.LWE}^n _\textbf{s}(-m)\) with error variance \(\textsf{Var}(e)\).

Proof

Let \(\textsf{ct}= (\textbf{a},b=-\left\langle \textbf{a},\textbf{s} \right\rangle + \omega ) \in \mathbb {Z}^{n+1}_q\) with \(q \equiv 1 \bmod t\), where \(\omega = \left\lfloor \frac{q}{t} \cdot m \right\rceil +e\). The decoding procedure of MSB encoding is

$$\left\lfloor \omega \cdot \frac{t}{q} \right\rceil = \omega \cdot \frac{t}{q} - f = m \bmod t $$

for some \(f \in \frac{1}{q} \mathbb {Z}\cap [-1/2,1/2)\). By multiplying by q and let \(\mu = q\cdot f \in \mathbb {Z}\cap [-q/2,q/2)\), one can get \(\omega \cdot t - \mu = q \cdot m \bmod tq\). Then \(\textsf{ct}^{\prime }=\mathsf {EncodeTrans(ct)} =(t \cdot \textbf{a},t \cdot b) \bmod q\) is a ciphertext with the LSB encoding since the decryption step is \( \omega \cdot t = \mu \bmod q\) and

$$\mu = -q \cdot m \bmod t = -m \bmod t.$$

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Z., Wei, B., Wang, R., Lu, X., Wang, K. (2024). Full Domain Functional Bootstrapping with Least Significant Bit Encoding. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14526. Springer, Singapore. https://doi.org/10.1007/978-981-97-0942-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-0942-7_11

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0941-0

  • Online ISBN: 978-981-97-0942-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics